Skip links

Guide to Cybercrime for SMEs

guide to Cybercrime

According to a report published by GCHQ in January 2015 Cybercrime poses one of the biggest threats to the UKs national security ranking alongside terrorism.  The report also revealed some very worrying statistics for businesses;

  • 8 out of 10 of the biggest uk companies have suffered a Cybercrime in the last 12 months
  • In one case it cost a company over 800 million GBP
  • It’s estimated that Cybercrime costs the UK economy an estimated 20 billion a year.

Does Cybercrime affect SMEs?

Many firms are reluctant to report attacks on computer systems or theft of sensitive information out of fear it would damage their reputation.  However, a new poll of UK businesses with up to 49 employees by the Association of Accounting Technicians (AAT) has found that 42% have been affected by cybercrime. Of these, 23% have suffered virus infection to their business computers; 22% had been victims of phishing (where sensitive information is fraudulently obtained); and 12% had been victims of card fraud.

Despite these worrying figures, the research has found that a significant number of SME firms are still not doing enough to protect their business.  In fact, 14% of those polled said that they were not using any methods at all to protect their business from cybercrime. The research also revealed that:

  • 31% are not using regular updates of anti-virus software;
  • 34% of firms are not using firewall protection;
  • Only 38% said they changed their business passwords regularly;
  • Just 30% said they regularly installed security patches, to keep security software up to date for the latest threats.

Forms of Cybercrime


Malware refers to any malicious software, the two most common forms of which are viruses and Trojans. Malware can infect your computer if you open an infected email attachment or by opening or downloading an infected file.

Once your computer is infected Malware can capture your keystrokes and steal your passwords to access your online accounts.  Fraudsters also use Malware to present seemingly genuine online banking portals which will capture your login credentials and pin numbers to access and steal money from your account.


Phishing is the practice of sending e-mails masquerading as genuine online services such as banks or e-commerce sites.  The e-mail will usually contain a link to a fake website which looks virtually identical to a legitimate one.  The message in the e-mail usually suggests that you need to action something urgently, for example to prevent your online access from being blocked.

If the recipient of the phishing e-mail is successfully duped into clicking the link and entering credentials the fraudsters will capture the credentials and use them to commit fraud.

10 Signs your computer might be infected with malware


Malware tends to slow your computer down, it may affect the speed of your Operating system, your applications or your Internet

Pop Ups

Unexpected Pop ups are very often a sign that you have a Malware infection


If your applications regularly crash or lock up your system may be infected

Running out of hard drive space

Many Malware infections use methods that will result in your hard drive being filled up.  If you notice your hard drive running out of space you need to call IT support and get it checked out.

Unusually high network activity

Very often Malware will use your internet connection from a computer in the background.  If no one is using the Internet and no programmes are connected to online services but your Internet connection has high activity then this could be a sign of a malware infection.

New browser home page

Some Malware will make changes in your web browser such as installing unwanted toolbars or changing your default browser homepage.  If you notice any of these changes you need to call your IT helpdesk and get it checked out.

Unusual activity

Unusual messages appear or programmes start automatically.

Your Virus protection software is disabled

Your security software such as anti-malware or Anti-Virus software don’t seem to work anymore or the update feature appears to be disabled.

Strange e-mails

Your contacts report receiving strange messages or emails from you.

Suspicious Hard drive activity

If you notice that your hard drive LED is constantly flashing even when you are no longer using your computer this is a sign that there could be a malware running and it should be investigated.

What can you do to protect your business?

Training and awareness

No technical solution can effectively stop a user who has been duped from sending out sensitive information such as passwords.  Training and awareness of all the relevant employees can help to ensure that those individuals who have access to digital keys are aware of the threats and how they operate.

Keeping the staff that hold digital keys to a minimum enables firms to focus increased training and awareness efforts on those few key individuals.  That is not to say that fraud education and awareness of all staff should be neglected.

Basic user training guidelines

  • Hover over any links within emails to see what the true web address is.
  • Look out for emails that are poorly worded or that contain spelling mistakes.
  • Remember that genuine bank emails will contain your name.  Be wary of anything that begins with ‘Dear valued customer or similar’
  • Banks will never send an e-mail asking a client to enter personal details or containing a link to a page that contains these details.

Employ IT best practice

  • Ensure that your computer is protected by good anti-virus & malware software that is kept up to date and configured by an IT professional.
  • Don't install or allow users to install software onto computers without some controls in place to ensure that it will not infect the computer or lower its resilience to Malware threats.
  • Ensure that you have a good firewall (with security services) that is professionally configured and kept up todate.
  • Use content filtering services on your network which will block access to websites known to host malware.
  • Use spam filtering to remove unwanted emails.
  • Keep operating systems up to date with security patches and service packs.


Cybercrime is increasing and continuously evolving and represents a serious threat to businesses of all sizes.  In terms of prevention, unfortunately there are no ‘Silver bullets’. Managing Risk needs to be a continuous effort combining company policies, user training and IT best practice.

The place to start is to perform a risk assessment. This is easy to complete with a bit of help of your IT support department, and it will help you to see the wood from the trees and focus attention and any expenditure in the most valuable areas.

Connexion are an IT support company in Berkshire that specialise in the professional services sector and IT compliance.  If you would like a no strings attached discussion about your IT data security and requirements then we’d be delighted to hear from you, just email us here and we'll give you a call.

Rob Leverton

Rob has worked as an IT technician and project manager with Connexion for 14 years before moving into his current role as head of the technical services team.

Although Rob comes from a technical background he’s very much a people person and he is exceptionally good at building excellent working relationships with our customers and his technical team to deliver service excellence to our clients.

Rob Leverton

James Stratton

James is passionate about technology and how it can transform business.  Having worked with hundreds of businesses in many different sectors over the last 25 years he has a huge amount of business IT knowledge that he enjoys imparting to Connexions customers.

James is responsible for Connexions strategic development and also still enjoys a role in consulting and sales and marketing